Initial Fetch integration for Subresource Integrity

Source/modules/fetch/FetchManager.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "modules/fetch/FetchManager.h"
 
 #include "bindings/core/v8/ExceptionState.h"
 #include "bindings/core/v8/ScriptPromiseResolver.h"
 #include "bindings/core/v8/ScriptState.h"
 #include "bindings/core/v8/V8ThrowException.h"
 #include "core/dom/DOMArrayBuffer.h"
 #include "core/dom/Document.h"
 #include "core/dom/ExceptionCode.h"
 #include "core/fetch/FetchUtils.h"
 #include "core/fileapi/Blob.h"
 #include "core/frame/Frame.h"
+#include "core/frame/SubresourceIntegrity.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/inspector/ConsoleMessage.h"
 #include "core/inspector/InspectorInstrumentation.h"
 #include "core/loader/ThreadableLoader.h"
 #include "core/loader/ThreadableLoaderClient.h"
 #include "core/page/ChromeClient.h"
 #include "core/page/Page.h"
 #include "modules/fetch/Body.h"
 #include "modules/fetch/BodyStreamBuffer.h"
 #include "modules/fetch/DataConsumerHandleUtil.h"
@@ skipping 22 matching lines @@
 
     void didReceiveResponse(unsigned long, const ResourceResponse&, PassOwnPtr<WebDataConsumerHandle>) override;
     void didFinishLoading(unsigned long, double) override;
     void didFail(const ResourceError&) override;
     void didFailAccessControlCheck(const ResourceError&) override;
     void didFailRedirectCheck() override;
 
     void start();
     void dispose();
 
+    class IntegrityVerifiedDataConsumerHandle : public WebDataConsumerHandle {
+    public:
+        IntegrityVerifiedDataConsumerHandle(PassOwnPtr<WebDataConsumerHandle> handle, String integrityMetadata, const KURL& url, FetchManager::Loader* loader)
+            : m_handle(handle)
+            , m_integrityMetadata(integrityMetadata)
+            , m_url(url)
+            , m_loader(loader)
+            , m_response(nullptr)
+        {
+        }
+
+        void setResponse(Response* response) { m_response = response; }
+
+    private:
+        class ReaderImpl final : public WebDataConsumerHandle::Reader {
+        public:
+            ReaderImpl(PassOwnPtr<WebDataConsumerHandle::Reader> reader, String integrityMetadata, const KURL& url, FetchManager::Loader* loader, Response* response)
+                : m_reader(reader)
+                , m_integrityMetadata(integrityMetadata)
+                , m_url(url)
+                , m_loader(loader)
+                , m_response(response)
+                , m_firstRun(true)
+            {
+            }
+            Result read(void* data, size_t size, Flags flags, size_t* readSize) override
+            {
+                if (m_firstRun) {
+                    m_firstRun = false;
+                    String content;
+                    char buf[1000];
+                    size_t amt;
+                    while (m_reader->read(buf, 1000, flags, &amt) == Ok)

[yhirano, 2015/08/11 09:22:08]

Do you want to read all data from the pipe with this loop? If so, you cannot.

[jww, 2015/08/12 16:40:14]

This is addressed by your suggestion of implementing all of this in a Client in
didGetReadable(), correct?

[yhirano, 2015/08/13 18:10:36]

Yes.

+                        content.append(buf, amt);
+                    String errorMessage;
+                    if (!SubresourceIntegrity::CheckSubresourceIntegrity(m_integrityMetadata, content, m_url, *m_loader->document(), errorMessage)) {

[yhirano, 2015/08/11 09:22:08]

This function can be called on a different thread from the one in which the
loader and the document live, so I think you cannot use them synchronously.

[jww, 2015/08/12 16:40:14]

This is no longer a problem if your suggestion of implementing this in a Client
in didGetReadable(), correct? That is, that guarantees that the logic will live
in the Fetch thread, so using the loader and the document should be safe.

+                        m_loader->performNetworkError(errorMessage);
+                        return UnexpectedError;
+                    }
+                    m_loader->m_resolver->resolve(m_response);
+                    m_loader->m_resolver.clear();
+                    m_response = nullptr;
+                }
+
+                return m_reader->read(data, size, flags, readSize);
+            }
+
+            Result beginRead(const void** buffer, Flags flags, size_t* available) override
+            {
+                return m_reader->beginRead(buffer, flags, available);
+            }
+
+            Result endRead(size_t readSize) override
+            {
+                return m_reader->endRead(readSize);
+            }
+
+        private:
+            OwnPtr<WebDataConsumerHandle::Reader> m_reader;
+            String m_integrityMetadata;
+            KURL m_url;
+            FetchManager::Loader* m_loader;
+            Response* m_response;
+            bool m_firstRun;
+        };
+
+        Reader* obtainReaderInternal(Client* client) override

[yhirano, 2015/08/11 09:22:08]

A difficult point is that obtainReaderInternal can be called on any oilpan
thread and the obtained reader run on the thread.

[jww, 2015/08/12 16:40:14]

Acknowledged.

+        {
+            return new ReaderImpl(m_handle->obtainReader(client), m_integrityMetadata, m_url, m_loader, m_response);
+        }
+        const char* debugName() const override { return m_handle->debugName(); }
+
+        OwnPtr<WebDataConsumerHandle> m_handle;
+        String m_integrityMetadata;
+        KURL m_url;
+        FetchManager::Loader* m_loader;
+        Response* m_response;
+    };
+
 private:
     Loader(ExecutionContext*, FetchManager*, ScriptPromiseResolver*, FetchRequestData*);
 
     void performBasicFetch();
     void performNetworkError(const String& message);
     void performHTTPFetch(bool corsFlag, bool corsPreflightFlag);
     void failed(const String& message);
     void notifyFinished();
     Document* document() const;
 
@@ skipping 45 matching lines @@
             break;
         case WebURLRequest::FetchRequestModeNoCORS:
             m_request->setResponseTainting(FetchRequestData::OpaqueTainting);
             break;
         case WebURLRequest::FetchRequestModeCORS:
         case WebURLRequest::FetchRequestModeCORSWithForcedPreflight:
             m_request->setResponseTainting(FetchRequestData::CORSTainting);
             break;
         }
     }
-    FetchResponseData* responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer(createFetchDataConsumerHandleFromWebHandle(handle)));
+
+    FetchResponseData* responseData;
+    IntegrityVerifiedDataConsumerHandle* integrityVerifier = nullptr;
+    if (m_request->integrity().isEmpty()) {
+        responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer(createFetchDataConsumerHandleFromWebHandle(handle)));
+    } else {
+        integrityVerifier = new IntegrityVerifiedDataConsumerHandle(handle, m_request->integrity(), m_request->url(), this);
+        responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer(createFetchDataConsumerHandleFromWebHandle(adoptPtr(integrityVerifier))));
+    }
     responseData->setStatus(response.httpStatusCode());
     responseData->setStatusMessage(response.httpStatusText());
     for (auto& it : response.httpHeaderFields())
         responseData->headerList()->append(it.key, it.value);
     responseData->setURL(response.url());
     responseData->setMIMEType(response.mimeType());
 
     FetchResponseData* taintedResponse = responseData;
     switch (m_request->tainting()) {
     case FetchRequestData::BasicTainting:
         taintedResponse = responseData->createBasicFilteredResponse();
         break;
     case FetchRequestData::CORSTainting:
         taintedResponse = responseData->createCORSFilteredResponse();
         break;
     case FetchRequestData::OpaqueTainting:
         taintedResponse = responseData->createOpaqueFilteredResponse();
         break;
     }
+
     Response* r = Response::create(m_resolver->executionContext(), taintedResponse);
     r->headers()->setGuard(Headers::ImmutableGuard);
-    m_resolver->resolve(r);
-    m_resolver.clear();
+
+    if (integrityVerifier) {
+        integrityVerifier->setResponse(r);
+    } else {
+        m_resolver->resolve(r);
+        m_resolver.clear();
+    }
 }
 
 void FetchManager::Loader::didFinishLoading(unsigned long, double)
 {
     ASSERT(!m_failed);
     m_finished = true;
 
     if (document() && document()->frame() && document()->frame()->page()
         && m_responseHttpStatusCode >= 200 && m_responseHttpStatusCode < 300) {
         document()->frame()->page()->chromeClient().ajaxSucceeded(document()->frame());
@@ skipping 298 matching lines @@
 
 DEFINE_TRACE(FetchManager)
 {
 #if ENABLE(OILPAN)
     visitor->trace(m_executionContext);
     visitor->trace(m_loaders);
 #endif
 }
 
 } // namespace blink